
Side by Side Diff: net/cert/ev_root_ca_metadata_unittest.cc

Issue 2781093003: De-prioritize 2.23.140.1.1 when searching for EV policy. (Closed)
Patch Set: Created 3 years, 8 months ago
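--- a/net/cert/ev_root_ca_metadata_unittest.cc
+++ b/net/cert/ev_root_ca_metadata_unittest.cc
@@ -1,108 +1,113 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/ev_root_ca_metadata.h"
 
 #include "net/cert/x509_cert_types.h"
 #include "net/der/input.h"
 #include "net/test/cert_test_util.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 #if defined(USE_NSS_CERTS)
 #include "crypto/nss_util.h"
 #include "crypto/scoped_nss_types.h"
 #endif
 
 namespace net {
 
 namespace {
 
 #if defined(USE_NSS_CERTS) || defined(OS_WIN)
 const char kVerisignPolicy[] = "2.16.840.1.113733.1.7.23.6";
 const char kThawtePolicy[] = "2.16.840.1.113733.1.7.48.1";
 const char kFakePolicy[] = "2.16.840.1.42";
+const char kCabEvPolicy[] = "2.23.140.1.1";
 #elif defined(OS_MACOSX)
 // DER OID values (no tag or length).
 const uint8_t kVerisignPolicy[] = {0x60, 0x86, 0x48, 0x01, 0x86, 0xf8,
 0x45, 0x01, 0x07, 0x17, 0x06};
 const uint8_t kThawtePolicy[] = {0x60, 0x86, 0x48, 0x01, 0x86, 0xf8,
 0x45, 0x01, 0x07, 0x30, 0x01};
 const uint8_t kFakePolicy[] = {0x60, 0x86, 0x48, 0x01, 0x2a};
+const uint8_t kCabEvPolicy[] = {0x67, 0x81, 0x0c, 0x01, 0x01};
 #endif
 
 #if defined(USE_NSS_CERTS) || defined(OS_WIN) || defined(OS_MACOSX)
 const char kFakePolicyStr[] = "2.16.840.1.42";
 const SHA1HashValue kVerisignFingerprint =
 { { 0x74, 0x2c, 0x31, 0x92, 0xe6, 0x07, 0xe4, 0x24, 0xeb, 0x45,
 0x49, 0x54, 0x2b, 0xe1, 0xbb, 0xc5, 0x3e, 0x61, 0x74, 0xe2 } };
 const SHA1HashValue kFakeFingerprint =
 { { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99,
 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99 } };
 
 class EVOidData {
 public:
 EVOidData();
 bool Init();
 
 EVRootCAMetadata::PolicyOID verisign_policy;
 EVRootCAMetadata::PolicyOID thawte_policy;
 EVRootCAMetadata::PolicyOID fake_policy;
+EVRootCAMetadata::PolicyOID cab_ev_policy;
 };
 
 #endif // defined(USE_NSS_CERTS) || defined(OS_WIN) || defined(OS_MACOSX)
 
 #if defined(USE_NSS_CERTS)
 
 SECOidTag RegisterOID(PLArenaPool* arena, const char* oid_string) {
 SECOidData oid_data;
 memset(&oid_data, 0, sizeof(oid_data));
 oid_data.offset = SEC_OID_UNKNOWN;
 oid_data.desc = oid_string;
 oid_data.mechanism = CKM_INVALID_MECHANISM;
 oid_data.supportedExtension = INVALID_CERT_EXTENSION;
 
 SECStatus rv = SEC_StringToOID(arena, &oid_data.oid, oid_string, 0);
 if (rv != SECSuccess)
 return SEC_OID_UNKNOWN;
 
 return SECOID_AddEntry(&oid_data);
 }
 
 EVOidData::EVOidData()
 : verisign_policy(SEC_OID_UNKNOWN),
 thawte_policy(SEC_OID_UNKNOWN),
-fake_policy(SEC_OID_UNKNOWN) {
-}
+fake_policy(SEC_OID_UNKNOWN),
+cab_ev_policy(SEC_OID_UNKNOWN) {}
 
 bool EVOidData::Init() {
 crypto::EnsureNSSInit();
 crypto::ScopedPLArenaPool pool(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
 if (!pool.get())
 return false;
 
 verisign_policy = RegisterOID(pool.get(), kVerisignPolicy);
 thawte_policy = RegisterOID(pool.get(), kThawtePolicy);
 fake_policy = RegisterOID(pool.get(), kFakePolicy);
+cab_ev_policy = RegisterOID(pool.get(), kCabEvPolicy);
 
 return verisign_policy != SEC_OID_UNKNOWN &&
-thawte_policy != SEC_OID_UNKNOWN &&
-fake_policy != SEC_OID_UNKNOWN;
+thawte_policy != SEC_OID_UNKNOWN && fake_policy != SEC_OID_UNKNOWN &&
+cab_ev_policy != SEC_OID_UNKNOWN;
 }
 
 #elif defined(OS_WIN) || defined(OS_MACOSX)
 
 EVOidData::EVOidData()
 : verisign_policy(kVerisignPolicy),
 thawte_policy(kThawtePolicy),
-fake_policy(kFakePolicy) {}
+fake_policy(kFakePolicy),
+cab_ev_policy(kCabEvPolicy) {}
 
 bool EVOidData::Init() {
 return true;
 }
 
 #endif
 
 #if defined(USE_NSS_CERTS) || defined(OS_WIN) || defined(OS_MACOSX)
 
 class EVRootCAMetadataTest : public testing::Test {
@@ -141,15 +146,25 @@
 EXPECT_TRUE(ev_metadata->IsEVPolicyOID(ev_oid_data.fake_policy));
 EXPECT_TRUE(ev_metadata->HasEVPolicyOID(kFakeFingerprint,
 ev_oid_data.fake_policy));
 }
 
 EXPECT_FALSE(ev_metadata->IsEVPolicyOID(ev_oid_data.fake_policy));
 EXPECT_FALSE(ev_metadata->HasEVPolicyOID(kFakeFingerprint,
 ev_oid_data.fake_policy));
 }
 
+TEST_F(EVRootCAMetadataTest, IsCaBrowserForumEvOid) {
+EXPECT_TRUE(
+EVRootCAMetadata::IsCaBrowserForumEvOid(ev_oid_data.cab_ev_policy));
+
+EXPECT_FALSE(
+EVRootCAMetadata::IsCaBrowserForumEvOid(ev_oid_data.fake_policy));
+EXPECT_FALSE(
+EVRootCAMetadata::IsCaBrowserForumEvOid(ev_oid_data.verisign_policy));
+}
+
 #endif // defined(USE_NSS_CERTS) || defined(OS_WIN) || defined(OS_MACOSX)
 
 } // namespace
 
 } // namespace net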
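Review bot: The negative cases in the new IsCaBrowserForumEvOid test (fake_policy and verisign_policy) both sit under 2.16.840.1, so they differ from 2.23.140.1.1 in the first encoded byte and would not catch a prefix or length-insensitive comparison, which matters most on the OS_MACOSX branch where the OID is a raw DER byte array. EV treatment should hinge on an exact match, so add a near-miss under the same arc, for example the CA/Browser Forum domain-validated OID `const char kCabDvPolicy[] = "2.23.140.1.2.1";` (DER `{0x67, 0x81, 0x0c, 0x01, 0x02, 0x01}`), plumbed through EVOidData the same way as cab_ev_policy, and assert `EXPECT_FALSE(EVRootCAMetadata::IsCaBrowserForumEvOid(ev_oid_data.cab_dv_policy));`. The test also exercises only the classifier; whether the de-prioritization named in the issue title is covered by another test cannot be seen from this file. A one-line comment on kCabEvPolicy such as `// CA/Browser Forum EV policy OID; keep the string and DER forms in sync.` would document why the constant exists in two encodings.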